Security & Smart Card Forum Discussions

Hello Again...

So, I had to port the Linux v6 drivers into my release of Linux 5.15 to get communication with chip working.  I was able to test this kernel build with ported drivers on my development board with the OPTIGA TPM 9673 RPI EVAL board connected to it.  Everything seems to be working on that hardware environment. 

My issue is when i move this same kernel build on my target device, I get this kernel message:

[    0.302465] tpm_tis_i2c: probe of 002e failed with error -11

I am able to communicate with the TPM that on my target device. I am able to read the vendor and device ID's. 

What am I missing to get these TPM chip operational on these embedded devices?

Hello,

could you tell me where can download the SCL36 datasheet? 

I want to know work voltage and other feature. 

thanks

I know there is a solution for this issue.  However, it seems there is a dead link in the solution.   

Here is the original post. 

https://community.infineon.com/t5/OPTIGA-TPM/Does-the-SLB9673-compatibility-with-SLB9670-on-kernel-I2C-driver/m-p/380690#M179

I was only able to apply one of the recommended patches.  That was: https://patchwork.kernel.org/project/linux-integrity/patch/20220321090924.1951-1-johannes.holland@infineon.com/

The other link what was given had no patch.  Could someone reply with updated links for the patches I need to apply. 

THanks..

-Enrique

------

Kernel Message:

[ 1.049571] tpm_i2c_infineon 3-002e: could not request locality

Hi @sneha_prahalad ,

Sorry for the late response on this post(https://community.infineon.com/t5/OPTIGA-TPM/TPM-SLB9672-can-not-read-the-device-id-on-Linux5-10/m-p/453596#M545)

Can I ask why recommend our to fix schematic like below:

Because we afraid if we fix our schematic,maybe have the some side effect.

Here are some recommendations for your schematic:

Pins 1,8 & 14: Place 1uF from VDD_3V3 to GND, and place 0.1uF close to each TPM VDD pin. So, 2x0.1uF are good enough.
Pin 13: It would be better if you removed R502
Pin 18 & 20: Please add a 10K pull-up resistor in Pin20 CS#

在TPM1.2上使用tpm-luks工具成功实现过，但现在换了TPM2.0。
硬件为：thinkpad x1 carbon，安装ubuntu16.04系统时硬盘分区如下：
1、efi分区 1000MB；2、ext4分区 2000MB 挂载到/boot，不加密；3、ext4分区 20G 挂载到/，使用luks加密并设置好密码。
这样每次开机时输入设置的密码能够正常进入系统，现在需要将这个密码存储到TPM2.0芯片中，以实现开机自动解锁和挂载分区3。
我参考了github上的以下几个教程：
1、http://github.com/vchatterji/tpm2-luks //主要教程
2、http://github.com/intel/tpm2-tss
3、http://github.com/intel/tpm2-abrmd
4、http://github.com/intel/tpm2-tools
5、http://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2 //2、3、4是安装cryptfs-tpm2前需要安装的环境
tpm2-tss、tpm2-abrmd、tpm2-tools已成功安装，但安装cryptfs-tpm2时，执行make命令报如下错误：（环境变量什么的均按教程5里的配置好）
tpm2_rc.h:73:25: error: unknown type name 'TPM2_RC'

问题：是否一定要用到cryptfs-tpm2这个工具？如果不使用cryptfs-tpm2，有没有其它更简单的办法或工具/脚本可以实现将密码存储到tpm2.0芯片中？

Hi ,

I am having TPM2.0 SLB 9670 on my board. I am getting the below error during start-up, related to TPM. 

#dmesg | grep tpm
[ 12.222709] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22)
[ 12.231609] tpm tpm0: A TPM error (256) occurred attempting the self test
[ 12.239298] tpm tpm0: starting up the TPM manually

Could you please let me know how to fix this error?

DTS:

&ecspi2 {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_ecspi2>, <&pinctrl_spi2_ss0>;
cs-gpios = <&gpio5 13 0>;
status = "okay";

tpm0: slb9670@0 {
compatible = "infineon,slb9670";
reg = <0>;
spi-max-frequency = <38000000>;
};
};

Defconfig changes

# zcat /proc/config.gz | grep TIS

CONFIG_TCG_TIS_CORE=m
# CONFIG_TCG_TIS is not set
CONFIG_TCG_TIS_SPI=m
# CONFIG_TCG_TIS_SPI_CR50 is not set
# CONFIG_TCG_TIS_I2C_CR50 is not set
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set

Running YOCTO4.0 Linux kernel 5.15.71-lts

Hello Infineon Team

I have connected the Shield2GO OPTIGA TRUST M Security board according to picture https://github.com/Infineon/linux-optiga-trust-m/blob/development_v3/pictures/coonection_diagram1.png (lines VCC, GND, SDA including pull up, SCL including pull up, all other pins are not connected) to a NXP IMX8.
I would have expected now that the chip is recognized on the I2C at the address 0x30 (According to Infineon-OPTIGA_Trust_M-DataSheet-v03_40-EN.pdf page 26). Unfortunately, the chip is not detected.

i2cdetect -y 1
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:          -- -- -- -- -- -- -- -- -- -- -- -- -- 
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
70: -- -- -- -- -- -- -- --

With the Logic analyzer I can record the data on the Shield2Go board. But there I see no reaction of the chip. Is this a correct behavior or have I understood something wrong?

Kind regards
Michael